fuyufjh/tianyi.patch

## tianyi.patch
Index: ppp-2.4.7/pppd/chap-md5.c
===================================================================
--- ppp-2.4.7.orig/pppd/chap-md5.c	2014-08-09 12:31:39.000000000 +0000
+++ ppp-2.4.7/pppd/chap-md5.c	2014-09-28 15:05:32.517737058 +0000
@@ -1,6 +1,12 @@
 /*
  * chap-md5.c - New CHAP/MD5 implementation.
  *
+ * Modified for Damning China Telecom Campus Broadband Access.
+ *
+ * Version 20140921
+ *
+ * Copyright (c) 2014 Lingmo Zhu. All rights reserved.
+ *
  * Copyright (c) 2003 Paul Mackerras. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -53,6 +59,120 @@
 	random_bytes(cp, clen);
 }

+static unsigned long xteakey[4] = {
+    0xf96d9f94, 0x787199a7, 0x9e15fe69, 0xe816331d
+};
+
+static unsigned char newtable[16] = {
+    0x94, 0x9f, 0x6d, 0xf9, 0xa7, 0x99, 0x71, 0x78,
+    0x69, 0xfe, 0x15, 0x9e, 0x1d, 0x33, 0x16, 0xe8
+};
+
+static unsigned char encrypt_table[17] = {
+    0x38, 0xf2, 0xf8, 0xf8, 0x88, 0xe3, 0xe8, 0x99,
+    0x76, 0x12, 0xd4, 0x22, 0xa7, 0x87, 0x65, 0x23,
+    0x12
+};
+
+static void
+chap_esurfing_encrypt(unsigned char *dest, unsigned char *src, int src_len) {
+    if (src_len>0) {
+        int i;
+        for (i=0; i!=src_len; i++)
+            dest[i]=src[i]+encrypt_table[i%17];
+    }
+}
+
+static void
+chap_esurfing_xtea(int round, unsigned char *v, unsigned long *key) {
+    unsigned long v0, v1, tv[8], sum, delta=0x9e3779b9;
+    int i;
+    tv[0]=v[0];tv[1]=v[1];tv[2]=v[2];tv[3]=v[3];
+    tv[4]=v[4];tv[5]=v[5];tv[6]=v[6];tv[7]=v[7];
+    v0=(tv[3]<<24)+(tv[2]<<16)+(tv[1]<<8)+tv[0];
+    v1=(tv[7]<<24)+(tv[6]<<16)+(tv[5]<<8)+tv[4];
+    if (round<=0) {
+        if ((sum=(-round)*delta)!=0) {
+            notice("xtea decrypt");
+            for (i=0; i>round; i--) {
+                v1-=((v0<<4)^(v0>>5))+(v0^sum)+key[(sum>>11)&3];
+                sum-=delta;
+                v0-=((v1<<4)^(v1>>5))+(v1^sum)+key[sum&3];
+            }
+        }
+    } else if ((round*delta)!=0) {
+        notice("xtea encrypt");
+        for (i=0; i<round; i++) {
+            v0+=((v1<<4)^(v1>>5))+(v1^sum)+key[sum&3];
+            sum+=delta;
+            v1+=((v0<<4)^(v0>>5))+(v0^sum)+key[(sum>>11)&3];
+        }
+    }
+    tv[0]=v0; tv[1]=v0>>8; tv[2]=v0>>16; tv[3]=v0>>24;
+    tv[4]=v1; tv[5]=v1>>8; tv[6]=v1>>16; tv[7]=v1>>24;
+    for (i=0; i<8; i++)
+        v[i]=tv[i]&0xff;
+}
+
+static inline void
+encrypt0(unsigned long *key, unsigned char *v) {
+    chap_esurfing_xtea(16, v, key);
+    chap_esurfing_xtea(16, v+8, key);
+}
+
+static inline void
+encrypt1(unsigned long *key, unsigned char *v) {
+    chap_esurfing_xtea(-16, v, key);
+    chap_esurfing_xtea(-16, v+8, key);
+}
+
+static inline void
+encrypt2(unsigned long *key, unsigned char *v) {
+    chap_esurfing_xtea(32, v, key);
+    chap_esurfing_xtea(32, v+8, key);
+}
+
+static inline void
+encrypt3(unsigned long *key, unsigned char *v) {
+    chap_esurfing_xtea(-32, v, key);
+    chap_esurfing_xtea(-32, v+8, key);
+}
+
+static inline void
+ksa(unsigned char state[], unsigned char key[], int len) {
+    int i,j=0,t;
+    for (i=0; i < 256; ++i)
+        state[i] = i;
+    for (i=0; i < 256; ++i) {
+        j = (j + state[i] + key[i % len]) % 256;
+        t = state[i];
+        state[i] = state[j];
+        state[j] = t;
+    }
+}
+
+static inline void
+prga(unsigned char state[], unsigned char out[], int len) {
+    int i=0,j=0,x,t;
+    unsigned char key;
+
+    for (x=0; x < len; ++x)  {
+        i = (i + 1) % 256;
+        j = (j + state[i]) % 256;
+        t = state[i];
+        state[i] = state[j];
+        state[j] = t;
+        out[x] ^= state[(state[i] + state[j]) % 256];
+    }
+}
+
+static void
+encrypt4(unsigned char *key, unsigned char *v) {
+    unsigned char state[256];
+	ksa(state, key, 16);
+	prga(state, v, 16);
+}
+
 static int
 chap_md5_verify_response(int id, char *name,
 			 unsigned char *secret, int secret_len,
@@ -91,6 +211,7 @@
 {
 	MD5_CTX ctx;
 	unsigned char idbyte = id;
+	unsigned char *chall = challenge + 1;
 	int challenge_len = *challenge++;

 	MD5_Init(&ctx);
@@ -99,6 +220,47 @@
 	MD5_Update(&ctx, challenge, challenge_len);
 	MD5_Final(&response[1], &ctx);
 	response[0] = MD5_HASH_SIZE;
+	if (our_name[1]=='~') {
+		/* Second MD5 for Damn ESurfing */
+		notice("Using Old ESurfing Encryption...");
+		unsigned char *t=malloc(challenge_len);
+		memcpy(t, chall, challenge_len);
+		chap_esurfing_encrypt(t, t, challenge_len);
+
+		MD5_Init(&ctx);
+		MD5_Update(&ctx, &response[1], response[0]);
+		MD5_Update(&ctx, t, challenge_len);
+		MD5_Final(&response[1], &ctx);
+		response[0] = MD5_HASH_SIZE;
+		free(t);
+	} else if (our_name[1]=='#') {
+		notice("Using New ESurfing Encryption %d with secret %s", response[1]%5, secret);
+		switch (response[1]%5) {
+		case 0:
+			encrypt0(xteakey, &response[1]);
+			break;
+
+		case 1:
+			encrypt1(xteakey, &response[1]);
+			break;
+
+		case 2:
+			encrypt2(xteakey, &response[1]);
+			break;
+
+		case 3:
+			encrypt3(xteakey, &response[1]);
+			break;
+
+		case 4:
+			encrypt4(newtable, &response[1]);
+			break;
+
+		default:
+			break;
+		}
+	} else
+		notice("Ordinary CHAP, HOORAY!");
 }

 static struct chap_digest_type md5_digest = {
	Index: ppp-2.4.7/pppd/chap-md5.c
	===================================================================
	--- ppp-2.4.7.orig/pppd/chap-md5.c 2014-08-09 12:31:39.000000000 +0000
	+++ ppp-2.4.7/pppd/chap-md5.c 2014-09-28 15:05:32.517737058 +0000
	@@ -1,6 +1,12 @@
	/*
	* chap-md5.c - New CHAP/MD5 implementation.
	*
	+ * Modified for Damning China Telecom Campus Broadband Access.
	+ *
	+ * Version 20140921
	+ *
	+ * Copyright (c) 2014 Lingmo Zhu. All rights reserved.
	+ *
	* Copyright (c) 2003 Paul Mackerras. All rights reserved.
	*
	* Redistribution and use in source and binary forms, with or without
	@@ -53,6 +59,120 @@
	random_bytes(cp, clen);
	}

	+static unsigned long xteakey[4] = {
	+ 0xf96d9f94, 0x787199a7, 0x9e15fe69, 0xe816331d
	+};
	+
	+static unsigned char newtable[16] = {
	+ 0x94, 0x9f, 0x6d, 0xf9, 0xa7, 0x99, 0x71, 0x78,
	+ 0x69, 0xfe, 0x15, 0x9e, 0x1d, 0x33, 0x16, 0xe8
	+};
	+
	+static unsigned char encrypt_table[17] = {
	+ 0x38, 0xf2, 0xf8, 0xf8, 0x88, 0xe3, 0xe8, 0x99,
	+ 0x76, 0x12, 0xd4, 0x22, 0xa7, 0x87, 0x65, 0x23,
	+ 0x12
	+};
	+
	+static void
	+chap_esurfing_encrypt(unsigned char dest, unsigned char src, int src_len) {
	+ if (src_len>0) {
	+ int i;
	+ for (i=0; i!=src_len; i++)
	+ dest[i]=src[i]+encrypt_table[i%17];
	+ }
	+}
	+
	+static void
	+chap_esurfing_xtea(int round, unsigned char v, unsigned long key) {
	+ unsigned long v0, v1, tv[8], sum, delta=0x9e3779b9;
	+ int i;
	+ tv[0]=v[0];tv[1]=v[1];tv[2]=v[2];tv[3]=v[3];
	+ tv[4]=v[4];tv[5]=v[5];tv[6]=v[6];tv[7]=v[7];
	+ v0=(tv[3]<<24)+(tv[2]<<16)+(tv[1]<<8)+tv[0];
	+ v1=(tv[7]<<24)+(tv[6]<<16)+(tv[5]<<8)+tv[4];
	+ if (round<=0) {
	+ if ((sum=(-round)*delta)!=0) {
	+ notice("xtea decrypt");
	+ for (i=0; i>round; i--) {
	+ v1-=((v0<<4)^(v0>>5))+(v0^sum)+key[(sum>>11)&3];
	+ sum-=delta;
	+ v0-=((v1<<4)^(v1>>5))+(v1^sum)+key[sum&3];
	+ }
	+ }
	+ } else if ((round*delta)!=0) {
	+ notice("xtea encrypt");
	+ for (i=0; i<round; i++) {
	+ v0+=((v1<<4)^(v1>>5))+(v1^sum)+key[sum&3];
	+ sum+=delta;
	+ v1+=((v0<<4)^(v0>>5))+(v0^sum)+key[(sum>>11)&3];
	+ }
	+ }
	+ tv[0]=v0; tv[1]=v0>>8; tv[2]=v0>>16; tv[3]=v0>>24;
	+ tv[4]=v1; tv[5]=v1>>8; tv[6]=v1>>16; tv[7]=v1>>24;
	+ for (i=0; i<8; i++)
	+ v[i]=tv[i]&0xff;
	+}
	+
	+static inline void
	+encrypt0(unsigned long key, unsigned char v) {
	+ chap_esurfing_xtea(16, v, key);
	+ chap_esurfing_xtea(16, v+8, key);
	+}
	+
	+static inline void
	+encrypt1(unsigned long key, unsigned char v) {
	+ chap_esurfing_xtea(-16, v, key);
	+ chap_esurfing_xtea(-16, v+8, key);
	+}
	+
	+static inline void
	+encrypt2(unsigned long key, unsigned char v) {
	+ chap_esurfing_xtea(32, v, key);
	+ chap_esurfing_xtea(32, v+8, key);
	+}
	+
	+static inline void
	+encrypt3(unsigned long key, unsigned char v) {
	+ chap_esurfing_xtea(-32, v, key);
	+ chap_esurfing_xtea(-32, v+8, key);
	+}
	+
	+static inline void
	+ksa(unsigned char state[], unsigned char key[], int len) {
	+ int i,j=0,t;
	+ for (i=0; i < 256; ++i)
	+ state[i] = i;
	+ for (i=0; i < 256; ++i) {
	+ j = (j + state[i] + key[i % len]) % 256;
	+ t = state[i];
	+ state[i] = state[j];
	+ state[j] = t;
	+ }
	+}
	+
	+static inline void
	+prga(unsigned char state[], unsigned char out[], int len) {
	+ int i=0,j=0,x,t;
	+ unsigned char key;
	+
	+ for (x=0; x < len; ++x) {
	+ i = (i + 1) % 256;
	+ j = (j + state[i]) % 256;
	+ t = state[i];
	+ state[i] = state[j];
	+ state[j] = t;
	+ out[x] ^= state[(state[i] + state[j]) % 256];
	+ }
	+}
	+
	+static void
	+encrypt4(unsigned char key, unsigned char v) {
	+ unsigned char state[256];
	+ ksa(state, key, 16);
	+ prga(state, v, 16);
	+}
	+
	static int
	chap_md5_verify_response(int id, char *name,
	unsigned char *secret, int secret_len,
	@@ -91,6 +211,7 @@
	{
	MD5_CTX ctx;
	unsigned char idbyte = id;
	+ unsigned char *chall = challenge + 1;
	int challenge_len = *challenge++;

	MD5_Init(&ctx);
	@@ -99,6 +220,47 @@
	MD5_Update(&ctx, challenge, challenge_len);
	MD5_Final(&response[1], &ctx);
	response[0] = MD5_HASH_SIZE;
	+ if (our_name[1]=='~') {
	+ /* Second MD5 for Damn ESurfing */
	+ notice("Using Old ESurfing Encryption...");
	+ unsigned char *t=malloc(challenge_len);
	+ memcpy(t, chall, challenge_len);
	+ chap_esurfing_encrypt(t, t, challenge_len);
	+
	+ MD5_Init(&ctx);
	+ MD5_Update(&ctx, &response[1], response[0]);
	+ MD5_Update(&ctx, t, challenge_len);
	+ MD5_Final(&response[1], &ctx);
	+ response[0] = MD5_HASH_SIZE;
	+ free(t);
	+ } else if (our_name[1]=='#') {
	+ notice("Using New ESurfing Encryption %d with secret %s", response[1]%5, secret);
	+ switch (response[1]%5) {
	+ case 0:
	+ encrypt0(xteakey, &response[1]);
	+ break;
	+
	+ case 1:
	+ encrypt1(xteakey, &response[1]);
	+ break;
	+
	+ case 2:
	+ encrypt2(xteakey, &response[1]);
	+ break;
	+
	+ case 3:
	+ encrypt3(xteakey, &response[1]);
	+ break;
	+
	+ case 4:
	+ encrypt4(newtable, &response[1]);
	+ break;
	+
	+ default:
	+ break;
	+ }
	+ } else
	+ notice("Ordinary CHAP, HOORAY!");
	}

	static struct chap_digest_type md5_digest = {